Companies that provide transaction accounts for purchasing goods and services are constantly looking for ways to increase the number of consumers using the companies” services. One way to encourage consumer use is ensure that consumer's shopping experience is pleasant and convenient. Many efforts for enhancing the convenience of the shopping experience focus on the speed at which the transaction is completed. The faster the transaction is completed, the more pleasant and convenient the shopping experience for the consumer. This need for speed has resulted in the development of payment devices designed to replace conventional credit cards and checks, the use of which results in a transaction dependent upon the alacrity of the persons involved in the transaction. For example, conventional credit cards and checks often must be temporarily relinquished, for example, to a cashier for transaction completion, and the transaction is completed only as quickly as the cashier moves.
The more recently developed payment devices do not have to be relinquished since the payment devices are capable of completing a transaction in a contactless environment. Particularly, the consumer may maintain control of the payment device during completion of the entire transaction since the payment device does not have to be “swiped” or inserted in a card reader to be read (e.g., data stored on the card is retrieved). This is, in turn, removes the need for handing over the payment device to a cashier who ordinarily increases the time for transaction completion.
One type of payment device that has become popular for use in speeding up a transaction is the integrated circuit card, or “smartcard.” The term “smartcard” refers generally to wallet-sized or smaller payment devices incorporating a microprocessor or microcontroller to store and manage data within the card. More complex than magnetic-stripe and stored-value cards, smartcards are characterized by sophisticated memory management and security features. A typical smartcard includes a microcontroller embedded within the card plastic which is electrically connected to an array of external contacts provided on the card exterior. A smartcard microcontroller generally includes an electrically-erasable and programmable read only memory (EEPROM) for storing user data, random access memory (RAM) for scratch storage, and read only memory (ROM) for storing the card operating system. Relatively simple microcontrollers are adequate to control these functions. Thus, it is not unusual for smartcards to utilize 8-bit, 5 MHZ microcontrollers with about 8K of EEPROM memory (for example, the Motorola 6805 or Intel 8051 microcontrollers).
A number of standards have been developed to address general aspects of integrated circuit cards, e.g.: ISO 7816-1, Part 1: Physical characteristics (1987); ISO 7816-2, Part 2: Dimensions and location of the contacts (1988); ISO 7816-3, Part 3: Electronic signals and transmission protocols (1989, Amd. 1 1992, Amd. 2 1994); ISO 7816-4, Part 4: Inter-industry commands for interchange (1995); ISO 7816-5, Part 5: Numbering system and registration procedure for application identifiers (1994, Amd. 1 1995); ISO/IEC DIS 7816-6, Inter-industry data elements (1995); ISO/IEC WD 7816-7, Part 7: Enhanced inter-industry commands (1995); and ISO/IEC WD 7816-8, Part 8: Inter-industry security architecture (1995). These standards are hereby incorporated by reference. Furthermore, general information regarding magnetic stripe cards and chip cards can be found in a number of standard texts, e.g., Zoreda & Oton, “Smart Cards” (1994), and Rankl & Effing, “Smart Card Handbook” (1997), the contents of which are hereby incorporated by reference.
Another payment device that is becoming more popular for use in speeding up a transaction uses Radio Frequency Identification (RFID) technology for data transfer. Of late, companies are increasingly embodying RFID data acquisition technology in a fob, tag or other similar form factor for use in completing financial transactions. A typical fob includes a transponder and is ordinarily a self-contained device, which may be contained on any portable form factor. In some instances, a battery may be included with the fob to power the transponder, in which case, the internal circuitry of the fob (including the transponder) may draw its operating power from the battery power source. Alternatively, the fob may exist independent of an internal power source. In this instance the internal circuitry of the fob (including the transponder) may gain its operating power directly from a RF interrogation signal. U.S. Pat. No. 5,053,774, issued to Schuermann, describes a typical transponder RF interrogation system, which may be found in the prior art. The Schuermann patent describes in general the powering technology surrounding conventional transponder structures. U.S. Pat. No. 4,739,328, issued to Koelle, et al., discusses a method by which a conventional transponder may respond to a RF interrogation signal. Other typical modulation techniques, which may be used, include, for example, ISO/IEC 14443 and the like.
In conventional fob powering technologies, the fob is typically activated upon presenting the fob in an interrogation signal. Alternatively, the fob may have an internal power source such that interrogation by the reader to activate the fob is not required. In either case, the fob does not have to be relinquished to a cashier, thereby speeding up transaction completion.
One of the more visible uses of the RFID technology is found in the introduction of Exxon/Mobil's Speedpass® and Shell's EasyPay® products. These products use transponders placed in a fob or tag, which enables automatic identification of the user when the fob is presented at a Point of Sale (POS) device. Fob identification data is typically passed to a third-party server database, where the identification data is referenced to a customer (e.g., user) credit or debit account.
One disadvantage with the conventional uses of the RFID technology is that conventional RFID devices may transmit only a limited amount of information (e.g., the device identifier) to the merchant system for processing. The advantage of transmitting data using Radio Frequency (RF), however, has not gone unnoticed. Some companies, such as American Express, have developed payment devices, which combine the integrated circuitry found in smartcard technology with the transponder powering technology found in conventional RFID devices. U.S. patent application Ser. No. 10/192,488, filed Jul. 9, 2002, entitled “SYSTEM AND METHOD FOR PAYMENT USING RADIO FREQUENCY IDENTIFICATION IN CONTACT AND CONTACTLESS TRANSACTIONS,” incorporated herein by reference (incorporated herein by reference), teaches such a device.
FIG. 9 illustrates a block diagram of the many functional blocks of an exemplary RF operable payment device fob 902 which is taught in the '488 application. Fob 902 may be a RFID fob 902 which may be presented by the user to facilitate an exchange of funds or points, etc., for receipt of goods or services. As described herein, by way of example, the fob 902 may be a RFID fob, which may be presented for facilitating payment for goods and/or services.
Fob 902 may include an antenna 903 for receiving an interrogation signal from a RFID reader (not shown) via antenna 903 (or alternatively, via external antenna 918 in communication with a transponder 920). Fob antenna 903 may be in communication with a transponder 914. In one exemplary embodiment, transponder 914 may be a 13.56 MHz transponder compliant with the ISO/IEC 14443 standard, and antenna 903 may be of the 13 MHz variety. The transponder 914 may be in communication with a transponder compatible modulator/demodulator 906 configured to receive the signal from transponder 914 and configured to modulate the signal into a format readable by any later connected circuitry. Further, modulator/demodulator 906 may be configured to format (e.g., demodulate) a signal received from the later connected circuitry in a format compatible with transponder 914 for transmitting to RFID reader via antenna 903. For example, where transponder 914 is of the 13.56 MHz variety, modulator/demodulator 906 may be ISO/IEC 14443-2 compliant.
Modulator/demodulator 906 may be coupled to a protocol/sequence controller 908 for facilitating control of the authentication of the signal provided by RFID reader, and for facilitating control of the sending of the fob 902 account number. In this regard, protocol/sequence controller 908 may be any suitable digital or logic driven circuitry capable of facilitating determination of the sequence of operation for the fob 902 inner-circuitry. For example, protocol/sequence controller 908 may be configured to determine whether the signal provided by the RFID reader is authenticated, and thereby providing to the RFID reader the account number stored on fob 902.
Protocol/sequence controller 908 may be further in communication with authentication circuitry 910 for facilitating authentication of the signal provided by RFID reader. Authentication circuitry may be further in communication with a non-volatile secure memory database 912. Secure memory database 912 may be any suitable elementary file system such as that defined by ISO/IEC 7816-4 or any other elementary file system allowing a lookup of data to be interpreted by the application on the chip. The data may be used by protocol/sequence controller 908 for data analysis and used for management and control purposes, as well as security purposes. Authentication circuitry may authenticate the signal provided by RFID reader by association of the RFID signal to authentication keys stored on database 912. Encryption circuitry may use keys stored on database 912 to perform encryption and/or decryption of signals sent to or from the RFID reader.
In addition, protocol/sequence controller 908 may be in communication with a database 914 for storing at least a fob 902 account data, and a unique fob 902 identification code. Protocol/sequence controller 908 may be configured to retrieve the account number from database 914 as desired. Database 914 may be of the same configuration as database 912 described above. The fob account data and/or unique fob identification code stored on database 914 may be encrypted prior to storage. Thus, where protocol/sequence controller 908 retrieves the account data, and or unique fob identification code from database 914, the account number may be encrypted when being provided to RFID reader. Further, the data stored on database 914 may include, for example, an unencrypted unique fob 902 identification code, a user identification, Track 1 and Track 2 data, as well as specific application applets. In a typical transaction, a consumer may present the fob 902 to a merchant reader (not shown) for transaction completion. The merchant reader may receive information from the fob database 912, 914 to be transferred to the account issuer for transaction completion.
While use of the smartcard and RF technologies results in a faster and more convenient transaction, the method of data transfer between the payment device and the merchant system must be secured against fraud. As such, a need exists for a method of securing the transaction which does not increase the time needed to complete a transaction, and which method may be used without device user intervention.